I'm struggling to write a Data Loss Prevention (DLP) policy for AI interactions. It seems that everything I create only applies to file uploads and emails, but I need to figure out how to monitor what users are actually typing into these AI tools. Traditional DLP systems focus on files with metadata, size, and paths, but they don't capture the text entered in web forms, such as customer data that gets encrypted and sent to AI models.
I've tried using keyword and regex rules, which work for structured data but aren't effective for context-dependent information. I've scoped to certain domains, blocked some, but missed others, leaving me with no visibility into what users enter in tools I allow.
I've noticed that many users engage with personal accounts for tools that are approved, and the data often bypasses anything I can monitor. My security stack, including SWG and CASB, identifies domains and applications but fails to see what users paste into prompts. The typical measures seem misaligned.
I considered browser extensions as a potential solution but I don't understand why I need to use a separate tool for this. Why aren't existing DLP vendors addressing this significant oversight?
2 Answers
You’re definitely right about the limitations of traditional DLP—it just doesn't handle the browser interactions well. For a more effective solution, you might want to look into breaking and inspecting HTTPS traffic. That can give you a clearer view of what's being typed into those prompts.
Of course, this approach has its complications, particularly around security and privacy, so be careful with how you implement it.
It's true that enterprise AI DLP is still getting off the ground. One tool I can suggest is LayerX; it provides an inline, browser-based agent that can monitor real-time interactions. However, it’s not yet mainstream across existing SWG and CASB integrations. Depending on your organization’s needs, you might need to tighten down on AI usage or look at dedicated inspection tools like LayerX to fill the gaps.
That makes sense. I wonder how well that kind of browser-based inspection really works with all the different apps out there. Have people had good results with it?